(54) Title: CRYPTOGRAPHIC DIGITAL IDENTITY METHOD
(57) Abstract 

This invention creates a portable digital identity (4011) of the individual that
includes personal information (4004, 4005, 4006) and may also include data
representing the person's handwritten signature (4007) and one or more passwords
(4003). The digital identity (4011) optionally includes data representing seals,
fingerprints and biometric information (4007). The digital identity (4011) can be used
to bind a verifiable, electronic impression with an electronic document using
electronic watermarks so that any modification in the document or the electronic
impression bound to the document can be detected. The personal information included
in the digital identifiers can include, in addition to a password (4003), answers to
questions that are composed by the user (4005). The digital identity (4011) of a user
can be created once and stored after encryption for protection. The digital identity
can then be used by the signer to bind a unique instance of

CRYPTOGRAPHIC DIGITAL IDENTITY METHOD



Inventors: Shabbir A. Khan 
Saeed A. Rajput 
Basit Hussain 



The present invention relates generally to methods for creating the digital identity of 
an individual, binding an impression of it to electronic documents, and more 
particularly to producing reliable and consistently verifiable electronic impressions for 
automatic identity verification. 



BACKGROUND OF THE INVENTION 

This present invention is designed to enhance the exchange of personal, confidential, 
legal and proprietary information reliably through electronic means. An embodiment 
of this invention provides an electronic equivalent of the conventional "paper" 
paradigm, in which documents are authenticated and validated by signatures and 
seals. In the paper paradigm, signatures and seals, as imprinted on a document, 
represent the identity of the signer. That is, handwritten signatures, seals (and
sometimes finger prints) are the true representative of the signer.



The desired requirements of an electronic equivalent of the "paper" paradigm are
listed below. The requirements are:

1. The document and the signatures imprinted on the document cannot be forged or
broken easily (not usually satisfied by passwords).

2. The receiver or anybody else cannot alter the signed document - the document with
which the identity's impression is bound - or the identity's impression itself as it
is bound to the document, without being detected.

3. The signer cannot deny the act of signing the document (non-repudiation of the
origination source of the document).

4. The document cannot be duplicated and still be claimed original for
re-submission.

5. Full reconstruction of identity, in case of loss of identity.

6. Consistency of comparison results.

7. The verifier should not be assumed trusted. In other words, the verifier should
not be able to use information he has about the signer to forge the signer's
identity.

8. The process of signing the document and its verification should be simple and
user friendly.

9. The process of signing the document should not rely on sophisticated
technology that is not readily available to ordinary computer users other than
software implementing the present invention.

10. The signatures, seals and thumb prints are imprinted on the document and
can be inspected by the experts using visual and other verification methods.



We will see that [...] requirements: [...] cryptographic digital signatures, in which
cryptographic keys generated by the system are used. These keys are provided by the
system to the users to be used as their electronic identities. Like seals, these keys
[...] the signer because they are [...] knows.

Other typical electronic replacements of the "paper" paradigm use only electronic
representations of handwritten signatures. Simpler versions simply use a digitized
version of handwritten signatures and bind it to the electronic document using
cryptography. More sophisticated versions derive probabilistic parameters of the
signature and use these parameters as the basis of the identity of the user. Some
implementations do bind digitized handwritten signatures cryptographically with the
document but provide little protection of the signer's identity from forgeries created by
the verifier. Furthermore, the identity of the individual is solely dependent on digitized
handwritten signatures.

Simpler versions mentioned above rely completely on encryption and cryptographic
checksums (also called hash values) for the sake of binding the digitized handwritten
signature with the electronic document. The checksum is digitally signed using
cryptography.

One disadvantage of using a digitized handwritten signature is that the digitized
version of a handwritten signature [...] once it is decrypted. Another
disadvantage is that the digitized [...]
samples is almost never the same, even if they belong to the same person.
Therefore effectively the identity of the user is derived from the cryptographic key
used for digitally signing the checksum rather than the handwritten signature. Hence
from a security point of view, systems using digitized handwritten signatures are only
as effective as systems that use only cryptographic digital signatures.

More sophisticated versions of the digitized handwritten signature based security
systems derive the identity of the user from probabilistic parameters derived from the
signature while it is being executed. The input devices used for capturing the
signature in such systems are relatively expensive and not widely available. Since no
two signatures of the same person are [...] are [...] of the stored reference
parameters by the [...] with the document. The [...] parameters can never be
fully trusted, as it depends upon several factors [...] the control of the system,
such as the quality of parameter extraction at the time of reference parameter
extraction, the quality of signature capture at the time of authentication of the
document, the mood and physical state of the signer and the age of the reference
parameters (signature characteristics for a person change with time). Since
verification can never be fully trusted, it becomes a poor choice for automatic
verification systems. Furthermore, the need for availability of these parameters at the
destination is a security risk since anybody in possession of these parameters can
create a forgery with some programming effort.

Electronic document signing systems using biometric information are high cost
systems. They use biometric information such as voice, finger print, and retina scans.
These systems authenticate documents based on probabilistic comparison of one or
more stored samples with the freshly retrieved samples. The problems associated with
these forms of identity representations are the same as those associated with
handwritten signatures. Often, the system operation is based on extraction of
statistical parameters. Based on these parameters and the knowledge of algorithms
used for calculating the correlation, some identities can be reverse engineered for
defeating the automatic verification systems.

Yet another conventional replacement of the "paper" paradigm is based on the use of
passwords for identifying the signer. This is a paradigm based on what the person
knows, and relies on the signer to choose a "good" security password. The level of
protection against attacks is only as good as the passwords picked. Unfortunately,
the best passwords are most unfriendly and difficult to remember. It is well known
that users often pick poor passwords that can easily be guessed, or reuse passwords
excessively.

The document authentication schemes discussed above only partially satisfy the
conventional requirements of binding a document sender's identity to the document.

In systems using public key cryptography [...] (non-repudiation of the original
[...] that the private key was compromised. Similarly, the private key or the [...]
cipher text without being detected if the security assumption of the public key
cryptography is broken.

There is a need for the following additional requirements for digital identities as well
as the impressions made by these identities on electronic documents:

1. Full reconstruction of identity, in case of loss of identity.

2. Consistency of comparison results.

3. The verifier should not be assumed to be trusted. In other words, the verifier
should not be able to use the information he has about the signer to forge the
signer's identity.

4. The process of signing the document should not rely on sophisticated
technology that is not readily available to an ordinary computer user.

5. Forgeries and repudiation of origin can be proven even if the public key
cryptography's security assumption is broken.

6. The process of signing the document and the verification process should be
simple and user friendly.

7. The signatures should be verifiable throughout and after the lifetime of the
signer.

8. The digital identity of the signer should maintain history of all the changes that
are made to the identity itself during its life.

9. The signatures, seals and the thumb prints imprinted on the document should
offer both visual and digital means for verifying the signature.

We can broadly classify various electronic [...] two
categories: deterministic or probabilistic.

The digital identities used in deterministic authentication methods can be fully
recovered in original form. Examples are methods based on passwords,
cryptographic keys or ones that simply [...] signatures with documents
cryptographically.

The digital identities used in probabilistic [...] fully
recovered in original form [...]
correlation functions. To use probabilistic [...]
comparison results have to be interpreted [...]

Examples of these methods include handwritten signatures, voice, finger prints and
other biometric representations. Typically a finite number of parameters are derived
from these representations and these parameters are used for authentication

SUMMARY OF INVENTION

The present invention creates a digital identity of an individual that can be used in
electronic authentication systems for signing the electronic documents. This identity
typically includes personal information, images, handwritten signature and passwords.
It optionally includes seals, fingerprints and other biometric information. This digital
identity can be used to authenticate the integrity and identity of an electronic
document, as well as for non-repudiation of the electronic document's origination
source. The digital identity also has other properties associated with conventional
electronic authentication systems.

Forgeries of the digital identity, attacks against it, and repudiation of use of the digital
identity can be detected by use of an identifier computed from personal information
provided by the user. Passwords can be used as one component of this personal
information. Using the digital identifier enables forgeries to be detected and
repudiation of origin to be rebuffed, even if the public key cryptographic assumption is
broken. Some versions of the digital identifier can also be reconstructed in case the
original digital identity is lost.

This digital identity can be used in automatic verification systems because it provides
consistent results, unlike handwritten signature systems in which the comparison
results for two signatures may vary significantly, leading to unreliable results.

Although the digital identity may contain handwritten signatures, images, seals,
fingerprints and other biometric information in digitized or parameterized form, the
authentication and verification process associated with the digital identity does not
solely depend on these components. Neither does the security depend only on
cryptographic [...]

Since the use of parameterized signature, fingerprints, photographic images and
biometric information is optional, the present invention [...]
sophisticated technology that is not readily available to an ordinary computer user.

The digital identity generated in accordance with the present invention is portable,
such as in a floppy disk, smart card, memory card, or other storage device. A
compromised storage device is useless, because the digital identity information on it
is encrypted. Furthermore, the verifier does not need to know or maintain a document
signer's sensitive information to perform verification. As a result, the verifier can be a
non-trusted party who does not have to know the private information or parameters
associated with the identity of the signer.

Electronically signing a document is a cumbersome process, especially when it
contains a variety of representations of the signer such as handwritten signatures,
photographic images and biometric information. Hence in one embodiment of the
invention the digital identity of the signer is created once and stored after encryption
for protection. This identity can be used with little effort to bind a verifiable impression
made by the signer's identity to any document. A series of techniques can be used
for the person's identity verification. First the cryptographic digital signature is verified,
which establishes the integrity of the document and ensures non-repudiation of origin
to the extent that it was signed by the holder of the private key. A time stamp or
random number is used to establish that the document is not a duplicate presented as
an original. In case of a dispute, electronic watermarks, which are functions of the
document and the personal identifiers, are used to verify that the digital signature
indeed made the signature impression on the accompanying document.

Brief Description of the Drawings 

Fig. 1 schematically depicts a prior art method of using a combination of symmetric
and public key schemes to efficiently encrypt long messages.

Fig. 2 schematically depicts a prior art [...]
digitally sign messages.

Fig. 3 schematically depicts a prior art method of verifying a digital signature and
retrieving an original document [...]

Fig. 4 is a flow chart depicting how the three personal identifiers are created during the
process of creating a digital identity.

Fig. 5 is a flow chart depicting the process of binding an electronic impression to a
document.

Fig. 6 is a flow chart showing how an impression (using three electronic watermarks)
is made by the digital identity of a signer and is bound to a document or a message.

Fig. 7 is a flowchart showing how electronic watermarks are used for detection of
forgeries or modifications.

Fig. 8 and Fig. 9 are flowcharts showing how an electronic impression, that includes
the watermarks made by a digital identity, is carried with a document using the
conventional cryptographic systems shown in Figs. 1, 2 and 3. Fig. 9 depicts a
document verification process for such documents.

Fig. 10 depicts the relationships between the three personal identifiers, the document
being signed, three electronic watermarks, the public information belonging to the
digital identity and the resulting

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

We will describe one embodiment of our invention in detail. Before description of the
embodiment, however, we would briefly describe the prior art related to use of
conventional public-key and symmetric cryptographic schemes in digital encryption
and digital signatures schemes. This prior art is depicted in Figs. 1, 2, and 3.

Fig. 1 depicts the use of a combination of symmetric and public key schemes to
efficiently encrypt long messages. Encryption Module 101 represents any symmetric
key encryption procedure, including DES and IDEA. This module needs a key whose
size depends on the [...] encryption [...]. This key is generated by a random
number generator 103. Instead of providing this key directly to the verifier, it is
encrypted by public key encryption module 102 that utilizes any public key
cryptography method, including RSA, DSA and Elliptical Curves Algorithms. The
receiver's public key is used to perform this encryption. The encrypted key is
concatenated with the encrypted message (104) for transmission 105.
The transmission module 105 may include any communication media, such as real
time communication systems, storage media and store and forward systems.

On the receiver end, the encrypted key is first separated from the message (106), the
key is decrypted by the public key decryption module 108 using the receiver's private
key. The decrypted key is used to decrypt the message by symmetric key decryption
module 107.

Fig. 2 and Fig. 3 show a prior art method of using public key signatures to
authenticate messages. In the system depicted, hash module 401 first computes a
summary or a digest of the document or message. This digest is then signed by the
public key signature module 402 using the signer's private key to produce digital
signature. This process enables authentication and non-repudiation of origin,
because nobody but the holder of the private key is able to produce exactly the same
signature. If secrecy is also needed, the message can be encrypted by encryption
box 404 using the scheme shown in Fig. 1. In the shown embodiment, the digital
signature is shown to be concatenated (463) with the encrypted message after
encryption. In alternative embodiments, the concatenation can be done before
encryption so that the digital signature is further encrypted along with the message.

Fig. 3 depicts the process of verif[...]
document from the encrypted information. In the shown embodiment, the digital
signature is first separated (702) from the encrypted message before decryption of
the message by the decryption [...]. In alternative embodiments, [...]
performed before the separation.

To verify, the decrypted message is hashed again, using the same algorithm used in
401, to generate the message digest. The original version of message digest is also
derived from the received digital signature by public key verification module 703 using
the sender's public key. The two values of the message digest are compared (706).
If the two are exactly the same, the digital signature on the document is verified.

Creating a Digital Identity

Fig. 4 depicts one embodiment of the digital identity creation process of the present
invention. This process is used once in the life time of a digital identity. First a
complete user name is obtained (4001).

Through a series of questions in the user interface, the signer is prompted to enter his
public information (4002). Public information includes any information that is
sufficient to identify and locate the signer and any other information that he is willing
to share with the verifier or the recipient. This public information (including the
residential/office addresses, phone numbers and e-mail addresses) is expected to
change during the life time of the identity object and its owner.

The user is then prompted to provide a password and/or pin number (4003). The
user is then prompted (4004) to provide some personal information, including his
password. The questions to elicit personal information are similar to those generally
asked by financial institutions (e.g. date of birth, mother's maiden name, social
security number or a unique identity number) at the time of opening an account and
also used at later dates by the financial institutions to authenticate their customers
over the phone. These parameters, obtained at steps 4003 and 4004, are used to
protect the digital identity.

In the next phase (4005) the user is requested to enter text representing a few
optional questions that only he can answer. He is then prompted (4006) to give brief
answers to each question he entered. These answers to customized questions will
be typically picked from the signer's own life experience and thus they will vary from
individual to individual. This further ensures the integrity of signer's digital identity
beyond what is currently used by financial institutions. It would be virtually impossible
to answer all custom designed questions by an otherwise informed attacker.

The electronic representation of a handwritten signature, or a seal, or a stamp, and
optionally finger prints, photographic images, and other biometric information is then
acquired through electronic files or directly from an information capturing device
(4007). The electronic form of this information can be directly used or parameters
extracted from this information can be used instead. These parameters can be
optionally used for further probabilistic and/or statistical comparison.

The system then generates a public/private key pair (4008). The private key 4010 will
be maintained with the digital identity, whereas the public key 4009 will be presented
to a certification authority for publishing.

A user's "digital identity" in a preferred embodiment includes: the user name obtained
at step 4001; the public information obtained at step 4002, and private information
obtained in steps 4003 and 4004; the personal questions and answers obtained in
steps 4005 and 4006; the public/private key pair generated at step 4008; the
handwritten signature and/or other biometric parameters obtained at step 4007; and
personal identifiers 1, 2 and 3.

The digital identity may further include an indication of a desired security level, which
may be changed from time to time, either by the user or automatically by an [...]
authentication device when the [...] authorized person is unable to prove they
are the owner of the digital identity (as described [...] 5). The
digital identity [...]
identity over time [...]

The digital identity may further include owner profile information for use with electronic
systems including but not limited to registration, activity tracking, information retrieval,
accessing services over the Internet and merchandise and service purchasing
systems.

Fig. 10 shows the relationships between the document being signed; the three personal
identifiers; three electronic watermarks; the public information belonging to the digital
identity and the resulting unique signature impression.

Three types of personal identifiers can be generated from the information entered
thus far into the system. A recoverable personal identifier (also called personal
identifier 1) 4013 of the user is created by applying a hash function 4012 to the
concatenated information including the signer's public name and static private
information. This hash is fully recoverable by any authority which has access to the
static private information of the user. Another recoverable personal identifier (also
called personal identifier 2) 4015 is created by applying a hash function (4014) on
concatenated information including 4013 (personal identifier 1), custom questions
4005 and answers in module 4006. The resulting personal identifier 4015 is fully
recoverable as long as the signer maintains his long term memory (i.e., by re-entering
the public and private information and then reapplying the hash functions).

Another non-recoverable personal identifier (also called personal identifier 3) 4017
can be created by hashing (4016) the recoverable personal identifier 2 (or in an
alternative embodiment, directly using the information from which the recoverable
personal identifier is computed), Private Key 4010, signatures and/or images and
other biometric information. This personal identifier is non-recoverable because every
sample of the biometric information is unique which would lead to a different hash.
This hash can be useful for verification if it is maintained by a trusted third party. The
third party can notarize the non-recoverable identifier to be original and maintain a
copy in a safe place for recovery in case of a dispute.
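
The chain of three personal identifiers described above, as an added example that is
not code from the patent. SHA-256, the length-prefixed field encoding and the input
canonicalisation are assumptions made here (the text only says a hash function is
applied to concatenated information), and all names and sample values are constructed.

```python
import hashlib
import hmac
import unicodedata


def canon(text: str) -> bytes:
    """Canonicalise typed input so that re-entering it later yields the same bytes.

    Assumption: the page does not say how answers are normalised. Without some
    rule like this, a stray capital or space would make PI1/PI2 unrecoverable.
    """
    folded = unicodedata.normalize("NFKC", text).casefold()
    return " ".join(folded.split()).encode("utf-8")


def digest(*fields: bytes) -> bytes:
    """Hash the fields with a 4-byte length prefix on each (assumed encoding).

    Plain concatenation is ambiguous: ("ab", "c") and ("a", "bc") would hash
    to the same value. The length prefix keeps field boundaries distinct.
    """
    h = hashlib.sha256()  # assumption: the page names no specific hash function
    for field in fields:
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


def personal_identifier_1(user_name: str, static_private: list) -> bytes:
    """PI1 (4013): hash of the signer's name and static private information."""
    return digest(canon(user_name), *[canon(v) for v in static_private])


def personal_identifier_2(pi1: bytes, questions_answers: list) -> bytes:
    """PI2 (4015): hash of PI1 plus the custom questions (4005) and answers (4006)."""
    fields = [pi1]
    for question, answer in questions_answers:
        fields += [canon(question), canon(answer)]
    return digest(*fields)


def personal_identifier_3(pi2: bytes, private_key: bytes, biometrics: list) -> bytes:
    """PI3 (4017): hash of PI2, the private key (4010) and raw biometric samples."""
    return digest(pi2, private_key, *biometrics)


def matches_notarized(candidate: bytes, notarized: bytes) -> bool:
    """Compare an identifier with the copy held by the trusted third party."""
    return hmac.compare_digest(candidate, notarized)


if __name__ == "__main__":
    # Constructed sample data, for illustration only.
    name = "Jane Q. Example"
    static_private = ["1970-01-31", "Placeholder"]  # date of birth, maiden name
    qa = [("Name of my first bicycle?", "Red Comet")]
    key = b"constructed-private-key-bytes"
    scan_at_creation = bytes([10, 20, 30, 40])  # signature capture at enrolment
    scan_later = bytes([10, 20, 31, 40])        # same person, new capture

    pi1 = personal_identifier_1(name, static_private)
    pi2 = personal_identifier_2(pi1, qa)
    pi3 = personal_identifier_3(pi2, key, [scan_at_creation])

    # Recovery: the signer re-enters the same facts, typed less carefully.
    pi1_again = personal_identifier_1("  jane q.  EXAMPLE ", static_private)
    pi2_again = personal_identifier_2(pi1_again, [("name of my first bicycle?", "red comet")])
    print("PI1 recovered:", pi1 == pi1_again)
    print("PI2 recovered:", pi2 == pi2_again)

    # A fresh biometric capture never reproduces PI3, so only the notarized
    # copy can settle a dispute.
    pi3_new = personal_identifier_3(pi2_again, key, [scan_later])
    print("PI3 reproduced from new capture:", matches_notarized(pi3_new, pi3))
```
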

An alternate embodiment (not shown here) uses probabilistic parameters computed
from any or some of the biometric information for the individual (typically including the
person's signature). These parameters can be notarized and stored by the notary as
another means of verification. These parameters can be used to authenticate any
future samples of digital identity of the same user even if they were recreated (and
therefore will have a different non-recoverable identifier) using probabilistic
comparisons. The trust in these comparisons will never be 100% though and results
of the comparison will have to be accepted with a certain level of tolerance.

Shortly we will discuss techniques that can utilize the personal identifier 4013 or 4015
or 4017 to protect the user against forgery attacks at various levels. These personal
identifiers can also be used to further protect the receiver/verifier of the message
against denial of origin (repudiation of origin) by the originator, especially in the case
where user claims that his private key was compromised.

The user name obtained in step 4001, public information obtained in step 4002, static
private information in step 4005, personal questions in 4005, answers to personal
questions in 4006, public/private key pair in 4008, handwritten and/or biometric
information in 4007, and the three personal identifiers (1, 2 and 3) constitute the
Portable Personality Identity of the signer.

The creation of such a sophisticated identity is a time consuming process. However,
this digital identity has to be generated only once in its life cycle and it can be easily
maintained by the owner. Once a digital identity has been created, it can be easily
used to authenticate the owner and sign as many documents as desired by the owner
of the identity. The public portions of this identity and all the measures to prove that
the original document was signed by the owner of the identity are bound to the
document at the time of signing.

The information provided and generated during this process of creation of a digital
identity is saved by encrypting it with a key generated from the user name and
password in this embodiment. In possible alternative embodiments, more
sophisticated encryption keys can be created by hashing some of the personal
answers.



In this embodiment, the personal portable digital identity can be edited by the owner
without affecting the verifications of signed documents based on personal identifiers 1
and 2. All modifications to the identity will be saved, and recorded in a history record,
as part of the digital identity of the owner. Although the owner may decide to put a
filter on the number of changes to be reflected and stored as part of the digital identity
to keep its footprint size small, there is no limit on the number of changes the owner
can make to the digital identity.

Using the Digital Identity 


The Digital Identity can be used to authenticate the user first and then make a
signature impression on the document that is being signed by the user and bind the
impression made by the digital identity with the document itself. The impression
made by the Digital Identity includes owner's public information, public keys,
watermarks, signature bitmaps, time stamp and the positional information of the
signature impression within the document.

Fig. 5 indicates how the process of signing a document and binding an electronic
impression made by the identity with the document can be simplified, by requiring the
user to answer just a few questions.

In this embodiment of the invention, the user name and password is obtained in
module 4301. Actually, prior to this first step, the user (i.e., owner of the digital
identity) may be required to submit "physical evidence" that he/she is the owner of the
digital identity. In particular, the digital identity is preferably stored on computer
readable media such as smart cards, and the authorities who create digital identities
may display (i.e., affix) a photograph of the owner of the digital identity on the exterior
surface of the storage device (e.g., a smart card) to serve as a Picture ID of the owner
of the digital identity. In such embodiments, the owner may be required to submit to a
casual visual comparison of the owner with the photograph on the storage device
before being allowed to begin the electronic ownership validation process represented
by steps 4301 to 4305.

The decryption key [...] user name [...] using
the same hash function that [...]. In alternative
embodiments the key can be created from the same personal answers that were
used during encryption of the digital identity. The key is used to decrypt (4302) the
digital identity only to place it in the volatile memory. The signer is then challenged
with a few questions (4303) that are randomly selected from his private information or
the custom questions he provided [...]

The number of questions asked can be made to depend on the level of security
required based on the importance of the contents of the document being signed.
During this question-answer (4303-4304) session, if the signer answers any of the
questions incorrectly, he is given a limited number of chances to try again which may
range from one to "n". We recommend using n<4. If the signer is unable to answer a
particular question in the given number of trials (4305), the system locks for a wait period,
the length of which may be predetermined or determined within a predetermined
range by a random number generator; the digital identity information is erased from
the volatile memory to avoid misappropriation of the digital identity; and then the
process is restarted from the beginning with a new set of questions. Detecting an
attack on the digital identity object during the authentication process, it can set itself to
a higher level of security making it even more difficult for the attacker to break it. The
fact that the signer is not forced to answer all the questions provides user-friendliness,
and the fact that the asked questions are picked at random unpredictably provides
almost the same level of security that would be provided when all questions are
asked. Locking of the system for a wait period virtually eliminates the risks of
dictionary attacks. When all the questions being asked are successfully answered,
the public identity of the signer is extracted from the digital identity (4306) and
includes all the information that is to be included in the document, typically including
handwritten signature bitmaps and all the necessary measures to protect, verify and
compare the electronic signature impressions made on a given document.
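
The question-and-answer gate of steps 4301 to 4306, as an added sketch that is not part of the patent text: questions are drawn at random, each allows at most three tries, and a failure erases the in-memory identity, raises the security level and starts a randomised lockout. The class name, the 30 to 120 second wait range and the injected `load_identity` and `clock` callables are assumptions made for the example.

```python
from __future__ import annotations
import hmac
import secrets

MAX_TRIES = 3            # the text recommends n < 4
WAIT_RANGE = (30, 120)   # seconds; assumed bounds for the random wait period


def _norm(answer: str) -> bytes:
    """Normalise an answer so case and surrounding spaces do not matter."""
    return answer.strip().casefold().encode("utf-8")


class IdentityGate:
    """Guards use of a digital identity behind randomly chosen questions."""

    def __init__(self, load_identity, clock, level: int = 2):
        self._load = load_identity   # stands in for 4301-4302: returns {question: answer}
        self._clock = clock          # injected so the lockout can be tested
        self.level = level           # number of questions asked per session
        self.locked_until = 0.0
        self.in_memory = None        # decrypted identity, volatile memory only

    def authenticate(self, answer_fn) -> str:
        if self._clock() < self.locked_until:
            return "locked"
        self.in_memory = self._load()
        rng = secrets.SystemRandom()             # unpredictable question choice (4303)
        count = min(self.level, len(self.in_memory))
        for question in rng.sample(sorted(self.in_memory), count):
            expected = _norm(self.in_memory[question])
            # Up to MAX_TRIES attempts per question, compared in constant time (4304).
            if not any(hmac.compare_digest(_norm(answer_fn(question)), expected)
                       for _ in range(MAX_TRIES)):
                self._lock()
                return "failed"
        return "ok"                              # 4306: public identity may be extracted

    def _lock(self) -> None:
        # 4305: erase, wait a random period, come back at a higher security level.
        # Dropping the reference is the best plain Python can do; it cannot
        # guarantee that the underlying memory is overwritten.
        self.in_memory = None
        low, high = WAIT_RANGE
        self.locked_until = self._clock() + low + secrets.randbelow(high - low + 1)
        self.level += 1


if __name__ == "__main__":
    # Constructed sample identity and a fake clock.
    qa = {"first pet?": "Rex", "street?": "Elm", "teacher?": "Ms Lee"}
    now = [0.0]
    gate = IdentityGate(lambda: dict(qa), lambda: now[0])
    print(gate.authenticate(lambda q: qa[q]))      # ok
    print(gate.authenticate(lambda q: "guess"))    # failed
    print(gate.authenticate(lambda q: qa[q]))      # locked
```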

Fig. 6 shows how the digital identity of the signer is bound to a document or message.

Module 4602 in Fig. 6 represents either module 4013 or module 4015 or module 4017
of Fig. 4, which have been discussed above. In the shown embodiments the
document is independently hashed (4603) and document hash and person digital
identifier hash are further hashed (4604) to form an irreversible electronic watermark
that is unique to the digital identity of the signer and to the document. In an
alternative embodiment, the person's identi[...] with the document
and a hash function is applied to both to obtain the electronic watermark.

The three electronic watermarks [...] of the
electronic impression. The electronic impression made by the digital identity includes,
in addition to the electronic watermarks, signatures and/or biometric information
and/or images, public information, and text of custom questions provided by the
signer.




Verification Methods



The electronic watermarks can be used to detect forgeries as discussed below. In
order to protect the receiver/verifier against false claims of the signer, a protocol can
be adopted in which the signer has to submit his personal identifiers to a third party
for notarization and safe keeping as depicted by 4606 and 4607. In order to protect
the signer from a potential impersonation attack by the trusted third party, the signer
should withhold at least one of the identifiers from the trusted third party. The signer
can disclose the identifier, that was withheld from the trusted third party, to the courts
in case of a legal dispute. The signer can also, by making changes to the digital
identity, create a new identifier for future withholding, in case the identifier being
withheld was compromised or an undesired disclosure was made by any party.
These changes will be recorded as part of the history records being securely
maintained by the signer.

In an alternate embodiment (not shown here), the signer can generate a separate
public/private key pair and use the public key of the new key pair to encrypt all three
identifiers prior to submitting to the trusted third party. This would necessitate the
signer's cooperation at the verification time to disclose the corresponding private key
to decrypt the identifiers for verification purposes or resolving a legal dispute.


An alternate embodiment (not shown here) involves the signer placing a copy of the
identifier, that is being withheld from the trusted third party, in escrow (e.g., in a safe
deposit box or a repository for digital information) or with a different trusted third party
for safe keeping and recovery [...]
dispute after the signer is no longer alive to participate in the verification
process.

In an alternative embodiment of this invention, the entire electronic watermarks can
be submitted to the trusted third party for notarization and safe storage. Typically, this
would be desirable for documents that are exceptionally important.

Fig. 7 shows how the electronic watermarks will be used for detection of forgeries that
might happen due to some kind of compromise in the public key cryptographic
scheme. This presentation however assumes integrity of the one-way and collision-
free properties of the hash functions used for generating hash values.

To prove or detect a forgery, the signer or the notary public that maintains the
notarized (encrypted) personal identifiers will re-compute the electronic watermarks
from the document and the personal identifiers (4902 and 4903) and compare (4906)
it with the ones attached with the document 4904 as part of the electronic impression.

If the signer performs this check himself (for detection of forgery), the switch 4908
accepts a personal identifier provided/recreated by the signer (4901). If the notary
public performs the check, switch 4908 accepts as its input a decrypted personal
identifier 4907. In this case the personal identifier 4907 is obtained by first retrieving
the notarized (encrypted) personal identifier 4606 from the trusted third party. The
notary can then decrypt (4907) the personal identifier using her private key. In either
case, the document verification is performed by applying a predefined watermark
hashing function to the concatenation of the personal identifier and the hash of the
document to produce a computed watermark (4903). If the computed watermark and
the electronic watermark in the signed document are the same, then it is known that
the document has not been modified since it was signed and that electronic
watermark in the document was created using the same personal identifier available
from the notary or the signer. If the notary and the third party are the same, the third
party will possess the private key and the document verification process is simpler.
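
The watermark check of Fig. 7 as an added example (not code from the patent): each watermark is recomputed as a hash over the personal identifier concatenated with the document hash and compared with the attached one, using three identifiers of which the third is withheld from the notary. SHA-256, the names `id1` to `id3` and the constructed identifier values are assumptions; the text names no hash algorithm.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets


def h(data: bytes) -> bytes:
    """One-way hash; SHA-256 is an assumption, the text names no algorithm."""
    return hashlib.sha256(data).digest()


def watermark(identifier: bytes, document: bytes) -> bytes:
    """Hash of (personal identifier || hash of document), as in 4902/4903."""
    if len(identifier) != 32:
        # Fixed-length inputs keep the concatenation unambiguous.
        raise ValueError("identifier must be a 32-byte digest")
    return h(identifier + h(document))


def make_impression(identifiers: dict[str, bytes], document: bytes) -> dict[str, bytes]:
    """Watermarks attached to the document as part of the electronic impression."""
    return {name: watermark(ident, document) for name, ident in identifiers.items()}


def verify(document: bytes, attached: dict[str, bytes],
           known: dict[str, bytes]) -> dict[str, str]:
    """Recompute each watermark the verifier holds an identifier for and compare (4906)."""
    result = {}
    for name, mark in attached.items():
        ident = known.get(name)
        if ident is None:
            result[name] = "not checkable"   # identifier withheld from this verifier
        elif hmac.compare_digest(watermark(ident, document), mark):
            result[name] = "match"
        else:
            result[name] = "MISMATCH"
    return result


# Constructed sample data: three identifiers, the third withheld from the notary.
SIGNER_IDS = {f"id{n}": h(f"constructed identifier {n}".encode()) for n in (1, 2, 3)}
NOTARY_IDS = {k: v for k, v in SIGNER_IDS.items() if k != "id3"}


def impression_without_id3(document: bytes) -> dict[str, bytes]:
    """Best a party holding only id1/id2 can attach: the id3 watermark is a guess."""
    marks = make_impression(NOTARY_IDS, document)
    marks["id3"] = secrets.token_bytes(32)
    return marks


if __name__ == "__main__":
    contract = b"Pay 100 to Bob"
    marks = make_impression(SIGNER_IDS, contract)
    print("notary, original:", verify(contract, marks, NOTARY_IDS))
    print("notary, altered :", verify(b"Pay 900 to Bob", marks, NOTARY_IDS))
    other = b"Pay 900 to Mallory"
    print("signer, disputed:", verify(other, impression_without_id3(other), SIGNER_IDS))
```

The last case is why one identifier is withheld: watermarks built without `id3` pass the notary's own check but fail when the signer recomputes the third one.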

When the verifier [...] the binding of the
digital identity with the document, he sends the hash of the document to the notary.
In the alternative embodiment, where the entire document was actually used to create
the electronic watermark, the entire document will have to be sent to the trusted third
party.

The safe storage of the notarized digital identity with the [...] an
additional benefit. It can be used for certification purposes in case the signer loses
his own memory such that he cannot recreate the identifier, because he will not be
able to answer the questions posed during recreation. It can also be used for
certification based on personal identifiers (which can never be recreated). In such
cases, the verification of the electronic watermark described above can be used. The
verifier can take his document to the notary for verification of the electronic
watermark.

As opposed to the case where complete signer's information is trusted to the third
party, this approach has an additional benefit that the third party will not be able to
extract personal information from the identifier, nor will it be able to create the
signature because it does not have the private key. This approach can also be used
for verification of a signature in case the signer dies.

To carry the electronic impressions, made by a digital identity on a given document,
with the document itself using the conventional cryptographic systems discussed
above with respect to Figs. 1, 2 and 3, some adjustments are made. These
adjustments are shown in Fig. 8 and Fig. 9. Fig. 8 shows that the document (7002) is
first concatenated with the public components of the identity object (7001) and
watermarks (7000) which now also carry a serial number (7003) and a random
number or a universal time-stamp and positional information corresponding to a
particular impression (7004). The concatenation is then presented to the conventional
cryptographic protocol discussed earlier.

A serial number is used to detect if any documents in previous transmissions to the
same receiver were destroyed during transmission. A random number or time stamp
provides protection against reuse or "electronic duplicate as original" attacks. If the
document has a unique time-stamp or random number, the receiver can check his or
her database to determine whether the same document has been presented to him or
her before. The positional information is expressed in a coordinate system relative to
the document, or a relative address in the document (e.g. relative byte address), or as
an index to a node if the document is being represented by a tree consisting of one or
more nodes. The verification that is based on the positional information (associated
with a particular impression on a given document) detects possible attacks that
reuse the impression at a different place in the document.
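
An added example, not taken from the patent, of the receiver-side bookkeeping this paragraph describes: serial numbers expose lost transmissions, the random number or time-stamp exposes a duplicate, and the signed offset exposes an impression moved within the document. The record layout, the finding labels and the in-memory database are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Impression:
    """Fields carried with the watermarks; assumed to be signature-verified already."""
    sender: str
    serial: int   # serial number (7003)
    nonce: str    # random number or universal time-stamp (7004)
    offset: int   # positional information as a relative byte address (7004)


@dataclass
class ReceiverDB:
    last_serial: dict[str, int] = field(default_factory=dict)
    seen: set[tuple[str, str]] = field(default_factory=set)

    def check(self, imp: Impression, found_at: int) -> list[str]:
        """Return findings; found_at is where the impression sits in the document."""
        findings = []
        if found_at != imp.offset:
            findings.append("position")        # impression reused at another place
        if (imp.sender, imp.nonce) in self.seen:
            findings.append("replay")          # duplicate presented as an original
        prev = self.last_serial.get(imp.sender, 0)
        if imp.serial <= prev:
            findings.append("stale-serial")
        elif imp.serial > prev + 1:
            # Earlier documents to this receiver never arrived.
            findings.append(f"gap:{prev + 1}-{imp.serial - 1}")
        # A gap is reported but the document itself is still acceptable;
        # anything else means the record must not update the database.
        if all(f.startswith("gap") for f in findings):
            self.seen.add((imp.sender, imp.nonce))
            self.last_serial[imp.sender] = imp.serial
        return findings


def run_constructed_session() -> list[list[str]]:
    """Five constructed deliveries from one sender, checked in arrival order."""
    db = ReceiverDB()
    traffic = [
        (Impression("alice", 1, "n-001", 120), 120),
        (Impression("alice", 2, "n-002", 120), 120),
        (Impression("alice", 2, "n-002", 120), 120),  # same document presented again
        (Impression("alice", 5, "n-005", 64), 64),    # serials 3 and 4 never arrived
        (Impression("alice", 6, "n-006", 64), 300),   # impression found elsewhere
    ]
    return [db.check(imp, where) for imp, where in traffic]


if __name__ == "__main__":
    for number, findings in enumerate(run_constructed_session(), start=1):
        print(number, findings or "accepted")
```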

A protocol for inserting and deleting electronic impressions from a document (also
called Impression Insertion/Deletion Protocol) governs the policies for allowing or
disallowing an authenticated user from inserting a new impression into or deleting an
existing impression from a given document. This embodiment covers insertion of new
impressions provided the new impression occurs as part of a valid sequence or a
hierarchy or a combination of the two schemes. Similarly, this embodiment also
covers deletion of existing impressions, belonging to an authenticated user by the
same user provided the deletion of an existing impression follows a valid sequence or
a hierarchy or a combination of the two schemes. This embodiment, depending upon
the impression insertion/validation protocol, does allow an override of an existing
signature by a higher authority while maintaining a history of the insertion and
deletion of impressions made to the document.

Fig. 9 depicts the modifications made in the verification process. The modifications
required include separation box 7301 that separates the document from watermarks
(7300) and public components of the digital identity (7302). The serial numbers,
positional information and time-stamp/random information are validated by comparing
them with information stored in a database. When the conventional digital signature
attached to the document is validated and the time-stamp or random number
attached to a document is validated, the binding of the electronic impression made by
a digital identity with the document is deemed authentic and the decrypted document
is then displayed along with some of the information in the public components of a
digital identity. In this embodiment, the handwritten signature or seal or photographic
image or biometric part of the digital identity is displayed with the document to
indicate that the document was indeed signed with the digital identity. The separated
electronic watermarks can be used for additional [...]
explanation of Fig. 7.



Note that such verifications based on the electronic watermarks are necessary only in
case of a dispute over the validity of the binding [...]
by a digital identity of the signer with the document. For day-to-day verification of this
binding, the verification of the conventional digital signature (based on public key
cryptography) shown in Figure 9 will suffice. The conventional verification [...]
needs only the public key of the signer which can be published and maintained easily.
The correctness of the conventional [...] process depends solely on the
public key cryptographic assumption, and integrity of the private key.

In some embodiments, after a person has used his digital identity to make an
electronic impression on a particular document, the same person can delete that
impression after re-authenticating himself, even though the same person and/or other
parties have later signed the same document. Depending upon the impression
insertion/deletion protocol being employed, the act of deleting a particular impression
from a document will either:

1. nullify/invalidate/delete the later impressions, in case of a sequential
protocol; or

2. nullify/invalidate/delete the subordinate impressions in case of a
hierarchical protocol; or

3. nullify/invalidate/delete all the subordinate impressions along with all
impressions containing time-stamps that were later than the time-stamp of the
impression being deleted; or

4. have no effect.

Recovery of Digital Identity

In case the device on which the user's digital identity resides is lost, the unique
personal identifiers 1 and 2 can be fully recovered as long as the signer maintains his
long term memory. This can be done by taking the custom questions out of the public
components of the digital identity available from any previously signed document, and
repeating the entire digital identity creation process, which implies that the user must
remember the answers to all the questions he used in the original identity. The
reconstructed identity will contain personal identifiers 1 and 2 that will be exact
matches of those that were contained in the [...] identity. These identifiers can be used
for verification of electronic watermarks for detection of forgeries (when the public key
cryptographic assumption is broken, or when the private key is stolen).

Alternate Embodiments

The use of a digital identity is not limited to the authentication of documents. It can be
used in any application where the identity of an individual has to be verified. In
current real life situations, wherever an individual is required to show a picture ID, give
personal information, or produce other forms of identification to prove her identity, a
digital ID carried in a smart card or a memory card or a floppy disk can be used for
more reliable validation. The password and/or pin number will restrict the access to
the smart card, and the smart card will not allow access to usage of a private key for
signature unless the user successfully answers all questions proposed to him. The
private key, private information and answers to questions will never be accessible
externally from the smart card. In an alternate embodiment, the smart card, in
addition to carrying the digital identity in its memory, can also have affixed to it a
picture of the owner (for visual comparison with the owner when the owner is using
the smart card to perform various transactions), and contain additional information on
a magnetic strip similar to the cards used for everyday digital IDs.

In an example scenario, an individual carries his memory device, e.g., a smart card or
a memory card or a floppy disk, containing the individual's digital identity. At the point
of verification, the device is inserted into the verification machine that asks the
individual to authenticate himself by carrying out a brief question and answer session
similar to the one depicted in Fig. 5. Successful answers to all the random questions
posed will provide an additional strong security feature that is missing from the
currently available system. This question and answer [...] need for
the human operators to listen to the private information of the individual, which in itself
is a security risk. Other forms of identity verification such as picture ID, and other
biometric information [...]

Conventionally, passwords are used for logging on to computers. A digital identity
can be used as a substitute for a password [...]. It
is well known that [...]
critical system administration passwords are chosen to be very difficult to break, and
are typically difficult to remember. This invention provides an alternative procedure
for creating a secure password that is generated automatically from the personal
information of the individual seeking authentication. This is achieved by using the
recoverable personal identifiers of the individual as shown in Fig. 4 in place of the
password. These identifiers will be relatively long, and would be extremely difficult to
guess. However, the person [...] not have to remember a cryptic
password. The number of questions the individual [...] his authentication
session can be made to depend on the level of security required for that particular
session.

Multiple impressions belonging to one or more signers may be made in the same
document at multiple locations. Each instance of an impression made by a digital
identity is considered a unique impression. These impressions are maintained in a
sequential order or a hierarchical order or a combination thereof.

While this invention has been described and illustrated with reference to particular
embodiments, it will be readily apparent to those skilled in the art that the scope of the
present invention is not limited to the disclosed embodiments but, on the contrary, is
intended to cover numerous other modifications and equivalent arrangements which
are included within the spirit and scope of the following claims.

WHAT IS CLAIMED IS:

1. A method of creating a digital identity for a person, comprising the steps of:
creating a digital representation of personal information known only to the
person, as well as a digital representation of public information about the
person, and encrypting those digital representations with at least one
cryptographic private key to generate the digital identity, wherein the digital
identity is suitable for use when digitally signing documents.

2. The method of claim 1, wherein the public information includes
individual-specific questions defined by the person, and answers to the
questions are included in the person's personal information.

3. The method of claim 2, the public information including data representing
selected from the set consisting of handwritten signatures, finger prints,
speech, retina scans, and a picture of the person.

4. The method of claim 2, including the steps of computing recoverable and
unrecoverable personal identifiers, wherein at least one recoverable personal
identifier can be regenerated by the person by providing exactly the same
public and personal information while recovering the digital identity, and
wherein at least one unrecoverable personal identifier is generated using
techniques that do not reliably produce exactly identical results with each
repetition.

5. The method of claim 2, including storing the digital identity on a portable 
storage device readable by a computer. 

6. The method of claim 5, including affixing a photograph of the owner of the 
digital identity on an exterior surface of the storage device (e.g. a smart card) 
to serve as a Picture ID. 

7. The method of claim 5, wherein owner associated identification information is
stored in a magnetic strip affixed to the portable storage device.

8. The method of claim 5, further comprising the steps of:

storing with the digital identity an indication of a desired level of
security; and

applying the indicated level of security when using the digital identity to
digitally sign a document.

9. The method of claim 5, including having a trusted third party certify public
information components of the digital identity and durably storing a record of
the certification.


10. The method of claim 9, wherein the public information components of the
digital identity are stored in a repository for reconstruction and recovery.

11. [...] the public information components of the
digital identity are kept [...]

12. The method of claim 5, further comprising the steps of: editing the digital
identity, and storing with the digital identity history data representing changes
made to the digital identity.

13. The method of claim 4, wherein copies of at least two different ones of the
personal identifiers are kept in escrow [...] third [...]

14. The method of claim 2, including the steps of:
a. generating at least two personal identifiers corresponding to the public
and personal [...] identifier comprising part of the
digital identity;

b. binding an electronic [...] by:
   i. authenticating a user's ownership of the digital identity;

   ii. rejecting the user when the user's ownership is not authenticated;

   iii. creating watermarks corresponding to the personal identifiers,
   each watermark being created by performing a hash function on
   a combination of information including one of the personal
   identifiers, and information uniquely associated with the
   document;

   iv. applying a cryptographic function to a set of information including
   the watermarks and document to create a digital signature; and

   v. binding the digital signature to a representation of the document.

WO 98/39876 PCT/US98/04741

15. The method of claim 14, wherein the [...] cryptographic
function is applied includes positional information, indicating where the digital
signature is stored with respect to the document to which it is bound, the
positional information providing a basis for detecting use of the digital signature
on a different or modified document than the document [...] digital
signature was bound.

16. The method of claim [...]
function is applied includes a serial number, the serial number providing a
basis for detecting duplicate usage of the digital signature.

17. The method of claim [...]
function is applied includes a timestamp, the timestamp providing a basis for
detecting duplicate usage of the digital signature.

c. verifying the digital impression of the digital identity on the document by
separating the document from the digital signature, decrypting the digital
signature, and verifying the digital signature [...]

19. The method of claim 18, wherein the step of verifying the digital signature
includes obtaining one or more personal identifiers associated with the person
alleged to have digitally signed the document directly from the digital identity of
the alleged signer or from one or more trusted third parties with whom the
personal identifiers have been stored.

20. The method of claim 18, wherein the step of verifying the digital signature
includes recomputing a set of watermarks and comparing the recomputed